[BreachExchange] Web hosting provider shuts down after cyberattack

Destry Winant destry at riskbasedsecurity.com
Thu Feb 11 11:25:50 EST 2021


https://www.zdnet.com/article/web-hosting-provider-shuts-down-after-cyber-attack/

A web hosting company named No Support Linux Hosting announced today
it was shutting down after a hacker breached its internal systems and
compromised its entire operation.

According to a message posted on its official site [archived], the
company said it was breached on Monday, February 8. The hacker appears
to have "compromised" the company's entire operation, including its
official website, admin section, and customer database.

A No Support Linux Hosting (NSLH) spokesperson did not return a
request for comment seeking details about the attack. But while
details about the intrusion are unclear, the attack appears to have
been destructive in its nature.

"We can no longer operate the No Support Linux Hosting business," the
company flatly acknowledged today.

"All customers should immediately download backups of their websites
and databases through cPanel," NSLH said, urging clients to do so
before servers go down for good.

At the time of writing, the nature of the NSLH attack is unclear, and
we don't know if the hacker downloaded & wiped the company's database
and backups or if we're talking about a classic ransomware attack
where the intruder encrypted files and demanded a ransom for the
decryption key.

TWO OTHER HOSTING PROVIDERS REPORTED HACKS AS WELL

But even if NSLH did not respond to a request for comment, there looks
to be a lot more to this attack.

Earlier today, TorrentFreak, a blog dedicated to digital rights and
piracy news, reported that two UK-based hosting companies that provide
IPTV services to pirate streaming sites also suffered similar hacks.

For a short while on Monday, SapphireSecure.net and KS-Hosting.com
both showed a message on their front page from the alleged hacker.

In the message, the hacker shared the personal details of the person
behind the two sites and threatened the two companies to share their
customer databases with police and copyright protection agencies
unless a ransom of 2 BTC (~$92,000) was paid.

But what could connect this attack with the NSLH incident is the fact
that the SapphireSecure.net and KS-Hosting.com hacker also gave
companies the option to shut down for good as a way to avoid having
their data shared with authorities or paying the ransom.

With the two hacks so close in proximity and with overlapping details,
it may be possible that NSLH was breached by the same threat actor.


More information about the BreachExchange mailing list